version EG_RGOS 11.9(4)B12P3, Release(08192723)
hostname EG2
!
app-auth offline-detect
!
app-auth cfg-opt id-mac
app-auth cfg-opt syn-proxy
app-auth cfg-opt tup-pass
!
app-auth set-mode business
!
app-auth local-auth subscriber mac-limit 0
!
app-auth wx-state direct
ip session filter 0
flow-pre-mgr enable
flow-pre-mgr protocol-enable
!
flow-pre-mgr upload-pps-limit 0
!
flow-pre-mgr new-session-limit start-up limit 0
flow-pre-mgr new-session-limit virtual-host limit 0
flow-pre-mgr new-session-limit real-host limit 0
!
flow-pre-mgr total-limit 0
!
convert port 1 to lan
convert port 2 to wan
!
ip access-list standard 1
10 permit any
!
ip access-list standard 10
10 permit 172.16.0.0 0.0.255.255
!
ip access-list extended 2397
10 deny ospf any any
20 deny 112 any any
30 deny icmp any any
40 deny udp any eq domain any
50 deny tcp any any eq www
60 deny tcp any any eq 443
1000 permit ip any any
list-remark
servctl service rlog off
servctl service police_log off
servctl service was off
servctl service apm off
sntp interval 7200
sntp server ntp.ntsc.ac.cn
sntp server ntp1.aliyun.com
sntp enable
ip tcp keepalive
!
time-range any
periodic Daily 0:00 to 23:59
!
time-range day_time
periodic Daily 6:00 to 18:00
!
time-range night_time
periodic Weekdays 0:00 to 5:59
periodic Daily 18:01 to 23:59
!
time-range unwork_time
periodic Weekdays 0:00 to 7:59
periodic Weekdays 12:00 to 13:00
periodic Weekdays 18:01 to 23:59
!
time-range weekend
periodic Weekend 0:00 to 23:59
!
time-range work
periodic Weekdays 9:00 to 17:00
!
time-range work_time
periodic Weekdays 8:00 to 12:00
periodic Weekdays 13:00 to 18:00
!
time-range working_time
periodic Weekdays 0:00 to 23:59
!
identify-application templete tpl-college
identify-application enable
!
identify-application custom-group ҳӦte
app-add WEBӦapp-add BӦapp-add
app-add HTTPapp-add HTTP
app-add WEB
app-add
app-add ҳϸ
app-add Ϸƽ
app-add Ϸ
app-add app-add Ѷ
app-add app-add ԶЭapp-add
app-add Ѷ_MOBILE
app-add OBILE
app-add WEB_MOBILE
app-add OBILE
!
identify-application custom-group te
app-add ý
app-add P2PӦ
!
identify-application custom-group ƵӦte
app-add HTTP
app-add BILE
!
identify-application custom-group ~route
app-add HTTP
app-add HTTP
app-add app-add app-add ILE
app-add OBILE
!
identify-application custom-group ~route
app-add app-add app-add Ϸ
!
identify-application custom-group QQȨte
app-add Ӣ
app-add Ӣ
!
identify-application key DNS
identify-application key Ѷ
identify-application key IPdentify-application key
identify-application key ICMP-DETAIL
identify-application key VPNӦdentify-application key
identify-application key dentify-application key Ѷ_MOBILE
identify-application web-group HTTPЭdentify-application web-group ҳϸ
identify-application web-group HTTPS
identify-application online-video-group HTTP
identify-application online-video-group BILE
identify-application p2p-video-group ý
identify-application download-group HTTP
identify-application download-group FTP
identify-application download-group
identify-application download-group TFTP
identify-application download-group NNTP
identify-application download-group IXIA
identify-application download-group SVN
identify-application download-group SMB
identify-application download-group ILE
identify-application download-group dentify-application download-group OBILE
identify-application p2p-group P2PӦ
identify-application p2p-group dentify-application update-group dentify-application upload-group HTTP
identify-application inhibitive P
identify-application inhibitive P
identify-application inhibitive TCPdentify-application inhibitive UDPdentify-application inhibitive TCPdentify-application inhibitive UDidentify-application inhibitive Ϸ
identify-application block S
identify-application other dentify-application other dentify-application other
identify-application other ·
identify-application other
identify-application other ԶЭdentify-application other
identify-application other OBILE
identify-application other OBILE
identify-application other OBILE
identify-application other MOBILE
identify-application other RFC
identify-application other IP-RAW
identify-application other IPЭ
app-proxy expect enable
no ssl-audit mode
!
https-audit enable
anti-pap set-node 0
url-filter-notice display ֹϵ
url-audit exact-filter
no url-rule apply-referer
!
url-class un_audit_class
comment unaudit
!
url-class forbidClass
url 15.1.1.2
!
url-object un_audit_object
class class
class un_audit_class
!
url-object illegal
class forbidClass
class
class
class
class
class class ɫclass Υ
!
content-policy _AUDIT_DEFAULT
mail-rule audit-default-enable
im-rule audit-default-enable
web-bbs-rule audit-default-enable
web-search-rule audit-default-enable
web-mail-rule audit-default-enable
url-rule audit-default-enable
!
content-policy P2P
app-rule 1 time-range work app-group P2PӦ action deny audit comment P2P-app-1665810674753
!
content-policy _TOP_PRIORITY
url-rule 1000 url-object illegal time-range any action deny audit comment url-rule 997 url-object un_audit_object time-range any action permit comment
!
content-policy-relate relate auth-subscriber any policy _TOP_PRIORITY
content-policy-relate relate subscriber any policy _TOP_PRIORITY
content-policy-relate relate subscriber any policy P2P
content-policy-relate relate subscriber any policy _AUDIT_DEFAULT
no register device
!
no cwmp
!
dev-audit enable
service dhcp
!
ip dhcp pool pool_Gi0/0
lease 0 0 1
network 192.168.1.0 255.255.255.0 192.168.1.17 192.168.1.254
dns-server 114.114.114.114
default-router 192.168.1.1
!
ip name-server 114.114.114.114
!
dns-proxy
!
mail-service enable
feedback frequency 60
flow-audit enable
flow-audit intf-rt refresh 1
flow-audit intf-rt storage 10 max
!
layer23 classify enable
!
layer23 scc-attention enable
!
network-group name "Out_Server" parent "/"
!
line-quality enable
!
no write-db enable
!
sys-mode gateway
!
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 lan
specify interface GigabitEthernet 0/2 wan
specify interface GigabitEthernet 0/5 wan
specify interface GigabitEthernet 0/6 wan
!
no nat-log enable
no ip nat-log on
password policy min-size 6
password policy strong
no service password-encryption
!
ip http port 80
ip http secure-port 4430
enable service web-server all
enable service web-server http
enable service web-server https
no rnfp-ping-reply enable
!
control-plane
ef-rnfp enable
security deny wan-web
security deny wan-telnet-ssh
anti-arp-spoof scan 20
attack threshold 500
!
control-plane protocol
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
control-plane manage
port-filter
arp-car 20 log
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
control-plane data
no glean-car
scpp list 2397 bw-rate 3600 bw-burst-rate 3600
no acpp
!
logging filter rule exact-match module LOGIN mnemonic LOGIN_FAIL level 5
logging userinfo command-log
logging buffered 65535
logging file usb0:syslog/syslog
clock timezone UTC +8 0
!
vpdn limit_rate 15
!
web quick-set
macc start-set
webmaster username admin password 7 12201c1a1354704a73
!
flow-control Gi0/2
comment tpl-college
!
channel-tree inbound
no auto-pir enable
!
channel-group root parent null cir 999999 pir 999999 pri 4 per-net per-pir 2000 limit 100
channel-group key parent root cir 80000 pir 100000 pri 3 per-net per-pir 5000 limit 100
channel-group default parent root pir 100000 pri 3 per-net per-pir 10000 limit 100
channel-group web parent root cir 50000 pir 50000 pri 4 per-net per-pir 500 limit 100
2022年全国职业院校技能大赛-网络系统管理赛项设备配置
需积分: 0 58 浏览量
2023-04-16
21:33:27
上传
评论 2
收藏 53KB ZIP 举报
Xun_M
- 粉丝: 713
- 资源: 1